
The Latest Hack: Dozens of Google Chrome Extensions Compromised
While many of us were celebrating the holidays, cybercriminals were hard at work. A recent attack has targeted Google Chrome users, aiming to bypass two-factor authentication and steal user data. This hack has potentially exposed the information of over 2.6 million people.
Here’s what you need to know:
The Hack
On December 24th, a phishing attack tricked a Cyberhaven employee – a company that creates data security tools – and gained access to their Google Chrome Web Store account. Once inside, the hacker used this access to upload a fake, harmful version of Cyberhaven’s Google Chrome extension.
This malicious software was available in the Chrome Web Store from December 25th at 1:32 AM UTC to December 26th at 2:50 AM UTC. It’s believed that this hack affected at least 35 browser extensions, potentially putting 2.6 million users at risk.
But this wasn’t an isolated incident. The attack on Cyberhaven is part of a larger campaign targeting Chrome extension developers. Other extensions suspected to have been compromised include:
- AI Tools: ChatGPT and Gemini for Chrome, Bard AI Chat Extension, GPT-4 Summary with OpenAI, Wayin AI, and more.
- VPN Services: VPNCity, Internxt VPN.
- Video Tools: Vidnoz Flex Video Recorder, VidHelper Video Downloader.
- Utilities: Bookmark Favicon Changer, Reader Mode, Proxy SwitchyOmega (V3), Web3 Password Manager, and many others.
(A full list of suspected compromised extensions is included below.)
How Did the Hackers Do It?
The Cyberhaven attack started with a phishing email pretending to be from Google. The email falsely warned the employee that Cyberhaven’s Chrome extension would be removed from the Chrome Web Store unless they updated its Google privacy policy. This type of urgent message is a common trick used in phishing attacks.
The email included a link that, when clicked, asked the employee to approve access for a third-party application. When the employee clicked the link and granted the application approval, they unknowingly let a hacker into Cyberhaven’s Chrome Web Store. This allowed the hacker to upload a harmful version of Cyberhaven’s extension.
What’s Being Done to Fix This?
Cyberhaven has already released a secure version of their extension (version 24.10.5) to replace the harmful one.
If you’re using Cyberhaven’s extension version 24.10.4, or you don’t know what you are using, Cyberhaven strongly recommends that you:
- Check your extension Version: If you’re using version 24.10.4, update it immediately.
- Update to the latest version: Make sure you have version 24.10.5 or newer.
- Change your passwords: Update your passwords for extra protection.
- Monitor for suspicious activity: Check your accounts for anything unusual, like unexpected logins or transactions.
Find a full list of compromised extensions here.
Moral of the Story
Anyone can fall victim to phishing – even cybersecurity professionals. This attack showed all the usual signs: a false sense of urgency, a push to download something from a third-party site, and a fake Google security email.
While these can be tricky to spot, this incident highlights the importance of slowing down, staying skeptical, and confirming any information – especially when dealing with sensitive data.
Beyond that, this attack exposes a commonly overlooked vulnerability in cybersecurity: web extensions. Many businesses don’t monitor or control what extensions employees install. As these attacks get more sophisticated, it’s more important than ever to keep a close eye on the extensions installed on your company’s devices.
About The 20 MSP
As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, providing each one with white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth. To learn more, visit the20msp.com.